Endpoint Security Architect

Description

Job Location

The primary work location for this role is in Trivandrum, India with a hybrid/ remote work model.

About Envestnet

Envestnet is an adaptive WealthTech company that is redefining the future of wealth management by helping advisors meet the moment with its comprehensive technology, actionable insights, and industry leading support. Backed by over 25 years of experience and approximately $7.0 trillion in platform assets, Envestnet is trusted by over one third of financial advisors across leading banks, wealth managers, brokerages, and RIAs.

For a deeper look at how Envestnet is shaping the future of financial advice, visit www.envestnet.com.

The Team You'll Join

You will join Envestnet's Technology team, where we design, build, and maintain scalable, secure, and robust WealthTech solutions that power the future of financial advice. The team collaborates closely with product, operations, and business stakeholders to drive innovation, enhance efficiency, and enable sustainable growth. Guided by modern engineering practices and a commitment to domain excellence, technical rigor, and collaboration, the Technology team ensures our platforms remain resilient, adaptable, and aligned with evolving business needs making it a core driver of Envestnet's long term success.

How You'll Contribute

We are seeking a highly skilled Endpoint Security Architect to secure enterprise endpoints across physical, virtual, cloud, and development environments. This role requires deep expertise in automation, scripting, cloud-managed provisioning, and securing modern development workstations, including environments supporting AI workloads and sensitive data processing. You will play a key role in implementing endpoint security controls, enforcing policies across VDI and SaaS ecosystems, and integrating telemetry for proactive threat detection and response.

• Design and implement endpoint security and workload identity controls to mitigate lateral movement across segmented environments, including isolation between user endpoints, privileged systems, and cloud identities.
• Integrate endpoint posture and identity signals into access decisions to prevent credential misuse, token abuse, and identity-based threats.
• Manage and optimize endpoint protection platforms (EDR/XDR, AV, DLP, disk encryption, host firewalls) across developer workstations, VDI (Citrix, AWS Workspaces), and cloud-managed devices (Autopilot, Intune).
• Strengthen security controls for development environments, including systems running EPM, containers, and DevOps tooling.
• Design and manage Privileged Access Workstations (PAWs) with secure configurations, OS hardening, network segmentation, and application whitelisting aligned to Zero Trust principles.
• Implement endpoint data protection controls, including classification, encryption, and DLP policies to safeguard sensitive data (PII, PHI, IP).
• Support CASB and SaaS security tools (e.g., Microsoft Defender for Cloud Apps, Zscaler, Obsidian) to enforce access control and data protection across cloud applications.
• Develop and maintain automation using PowerShell and Python for configuration deployment, posture monitoring, and compliance reporting.
• Integrate endpoint telemetry with SIEM and SOAR platforms, supporting automated detection, response, and remediation workflows.
• Monitor endpoint health, vulnerabilities, and patch compliance, ensuring alignment with CIS and NIST standards and collaborating with engineering teams for timely remediation
  
  

What You'll Need To Bring

• Strong hands-on experience in endpoint security architecture and engineering across enterprise environments.
• Deep understanding of endpoint protection technologies (EDR/XDR, DLP, disk encryption, host firewalls).
• Experience with identity-based security controls and Zero Trust architecture principles.
• Expertise in managing cloud-managed endpoints (e.g., Intune, Autopilot) and virtual desktop environments (Citrix, AWS Workspaces).
• Proficiency in scripting and automation using PowerShell and Python.
• Experience integrating endpoint security tools with SIEM/SOAR platforms.
• Solid understanding of compliance frameworks such as CIS benchmarks and NIST standards.
• Ability to collaborate effectively across Security, IT, DevOps, and Data teams in an Agile environment.
• Strong communication and documentation skills, with the ability to translate complex security concepts for diverse audiences.
  
  

Nice-to-Haves

• Experience securing development environments, including containerized workloads and DevOps pipelines.
• Exposure to AI/ML workload security and data protection considerations.
• Hands-on experience with CASB/SaaS security tools such as Microsoft Defender for Cloud Apps, Zscaler, or Obsidian.
• Experience designing or operating Privileged Access Workstation (PAW) environments.
• Familiarity with vulnerability management and patch orchestration at scale.
• Experience participating in purple team exercises or advanced threat simulations.
  
  

Why You'll Enjoy Working at Envestnet 

Help shape the future of WealthTech. At Envestnet you'll gain hands-on experience and collaborate with some of the industry's brightest minds to deliver meaningful, innovative solutions that make a real difference.

We value flexibility in how and where work gets done, and we recognize strong performance with meaningful rewards—because your contributions should drive both business success and your own personal growth. If you're looking for a place where your work has impact, your development is supported, and your contributions are truly valued, Envestnet is where you can build your future.

The opportunity is now!

Our Investment in You

At Envestnet, our total rewards philosophy is designed to attract, motivate, and grow exceptional talent. We offer competitive, market-aligned compensation complemented with performance-linked incentives and rewards programs that recognize and reward impact.

In addition, we provide a comprehensive suite of benefits - subject to Envestnet's plan eligibility rules - that support your overall well-being, including medical insurance for you and your family, annual health check-ups, free online doctor consultations and telemedicine services, subsidized health club memberships, and an employee assistance program. Our investment in you means supporting you professionally, financially, and personally at every stage of your journey with us.

Our Commitment to Inclusion & Belonging

Envestnet is an Equal Employment Opportunity employer and does not discriminate in employment on the basis of religion, race, color, caste, sex, gender, gender identity or expression, pregnancy, age, disability, medical condition, nationality, ethnic origin, marital status, or any other status protected under applicable Indian law. This commitment is in accordance with the Constitution of India and applicable labor and employment laws. All employment decisions are made solely based on merit, qualifications, performance, and business needs.

We strive to provide an inclusive application and interview process. If you are a candidate with a disability and require reasonable accommodation, please contact us at [email protected]. Please include your full name, the title of the role you are applying for, and the accommodation necessary to assist you with the recruiting process.

Recruitment Fraud

At Envestnet, safeguarding the trust and safety of job seekers is a top priority. We are aware that scammers may impersonate Envestnet recruiters or create fake job opportunities to deceive candidates. Review the information on our recruitment fraud awareness page to help you recognize and avoid recruitment fraud.